There is nothing more frustrating than booting a client PC into your Microsoft Deployment Toolkit (MDT) environment, preparing to roll out a fresh operating system, and being stopped dead in your tracks by the infamous error: “PCI Driver Error: Connection to Deployment Share could not be made”. Please see Steps to Fix the “Invalid OS GUID” Error in MDT, and Faulting SecHealthUI: Resolve Windows Defender Notification.
Note: Ideally, this issue appears to look like the boot image is missing the right WinPE driver for the NIC. But when you search IT forums like Spiceworks, Experts-Exchange, or Microsoft Learn, the immediate, overwhelming consensus is almost always: “You are missing network interface card (NIC) drivers in your WinPE boot image.”
But what happens when you have meticulously downloaded, injected, and verified every single WinPE driver from Dell, and or Intel, and have injected or integrated these Drivers into MDT or WinPE itself and the error still persists as shown below?
Please see how to Update Your AMD Radeon Display Adapter Driver, how to update Proxmox VE to the latest version 9.2.3 today, and Secure Boot 2023 Compliance Across WinPE, MDT, WDS, and ADK: Boot Chain Alignment and PXE Validation [Final Part].
MDT Deployment Share Troubleshooting Table
As mentioned above, this issue is often misleadingas every forum or MDT error assumes it is caused by missing drivers. Especially network drivers as shown in the table below as well. But in reality, the root cause can vary significantly as we will see very shortly.
Based on on community discussions and practical troubleshooting experience, I have created the following table to help you pinpoint errors and be able to resolve MDT related issues. Note that I have highted two issue categories and both of them also helped in resolving this issue as injecting the correct drivers alone is not sufficient. You will also find some common errors here.
| Issue Category | Possible Cause | Symptoms Observed | Recommended Fix |
|---|---|---|---|
| Network Drivers | Missing or incorrect NIC drivers in WinPE | No IP address or network connectivity in WinPE | Inject correct WinPE drivers and update deployment share |
| WinPE Version | Outdated WinPE image | Drivers appear correct but connection still fails | Update MDT with latest Windows ADK + WinPE add-on |
| SMB / Network Access | Incorrect credentials or permissions | Prompt for credentials fails or loops | Verify deployment share permissions and credentials |
| DNS / Network Config | Name resolution issues | Cannot resolve MDT server hostname | Use IP address or fix DNS settings |
| Firewall / Security | SMB blocked or restricted | Connection timeout or access denied | Ensure ports (TCP 445) are open |
| Certificate / Secure Boot | Outdated boot certificates or Secure Boot incompatibility (2023 enforcement) | Connection fails even with correct drivers and network | Update WinPE with latest cumulative updates (CU) and Secure Boot certificates |
| MDT Boot Image | Boot image not regenerated after changes | Old behavior persists after fixes | Fully regenerate boot images and redeploy por reset WDS and regenrate images |
| Time/Clock Sync | System time mismatch | Authentication issues | Ensure correct BIOS/system time |
Please see Fix an error occurred while attempting to start selected VM on Hyper-V, Failed to Upgrade VIHR Component: Failed to open deployer Service Management Port, and The Backup Was Safe: The Data Center Was not: A Real-World Lesson About Hidden Data Center Risks and Governance Failures.
Downloading and Extracting WinPE Drivers
When MDT fails to map the deployment share drive, it boils down to network connectivity or the underlying operating system trust components within WinPE. As mentioned, the error “PCI\VEN_8086&DEV_125C&SUBSYS_30378086&REV_04” etc often points to missing NIC in WinPE.
Next, navigate to browser window and search for “WinPE NIC Dell”. You could also navigate to Dell web page on the fly and search for “WinPE driver pack”. Next, click on Dell Command | Deploy WinPE Driver Packs as shown below.
Here is the link to download “Deploy WinPE Driver Packs” for all versions of Windows. For Windows 11, see the download link. I will proceed and select WinPE 11 as shown below by clicking on the associated download link.
When redirected, click on the Download link as shown below.
Note: If you need to download “Intel Ethernet Adapter Complete Driver Pack”. This is only restricted to to this driver pack. You may have to download Intel Ethernet Adapter Complete Driver Pack for all supported OS versions.
To proceed with the driver “DELL WinPE”, kindly extract it as shown below. Since I already know that this will not work, I will show you the steps for integrating specific Drivers in the next session.
Select 7 zip, you could use the default Windows extrcation tool as you like.
Extraction in progress
Please see Enterprise Tape Library Administration: Control Path, Firmware, Media Management and Tape Operations, how to Repair a Corrupt SQL Server Database Without Data Loss, and Azure Application Gateway: Practical Configuration Guide.
Inject WinPE Drivers
To do this, open Deployment Workbench and navigate to “Deployment Share”, and then “Out-of-Box Drivers”.
Browse to the location of the WinPE you have extracted and select the right folder as shown below.
As you can see, the import is in progress.
The WinPE Driver Pack has been imported into MDT as shown below successfully.
You could created a selection profile if you wish. But I will be using all the Drivers available and therefore there is no need to do this in my case at this time.
Please see Stuck at Start PXE over IPv4: PXE-E18 Server response timeout, BitLocker Back Door: Stolen laptop to inside the company network, and how to Assign a Public IP to Azure Virtual Machine (VM).
Update Deployment Share
Now that we have ensured that the WinPE Selection Profile includes all drivers. We will proceed and update the deployment share to regenerate the boot images.
Note: pdating the share recompiles your configuration files and regenerates the actual ISO and WIM (
LiteTouchPE.wim) boot files used by your client machines.
Open the Deployment Workbench Launch the Microsoft Deployment Toolkit (MDT) console on your deployment server. Locate the Deployment Share In the left-hand navigation pane, expand the desired Deployment Shares and click on Update Deplyment Share.
Select completely regenrate the boot images and click on Next. This options recreates the ISO/WIM files entirely from scratch.
Shortly, MDT will mount the images via DISM, inject your selection profiles/drivers, and build the new boot media.
Once the progress bar finished successfully, click Finish as shown below.
Please see how to update Proxmox VE 9.0 now Supported by Veeam, how to Prevent Standard Users from Changing BitLocker Password, and how to run Windows 11 on HyperV.
Replace the Boot Image in WDS
Once your MDT deployment share has finished updating and your new LiteTouchPE.wim boot image is ready, the final step is getting Windows Deployment Services (WDS) configured to broadcast it over PXE.
To make sure your target computers pull the patched WinPE image instead of an cached, older version, you need to swap the WIM file inside the WDS console. Open the Windows Deployment Services console (wdsmgmt.msc) on your server.
In the left console tree, expand your server node and click on the Boot Images folder. Locate your existing LiteTouchPE (x64) boot image in the center pane. Right-click the image and select Replace Image. Next, click Browse and navigate to your MDT deployment share’s boot directory.
Click Open, then Next. You can keep the existing image name and description. Click Next again to let WDS overwrite the old boot image.
Image is currently being replaced
Click Finish once the file copy and integrity check are complete.
Do not forget to restart the WDS Service. This will clear any active image locks and force PXE clients to fetch the freshly uploaded configuration, give the deployment service a quick bounce:
- Right-click your server name at the very top of the WDS console tree.
- Navigate to All Tasks and then click on Restart.
- Wait for the service to successfully stop and start back up. You could do this via the command line as well
Boot the Target Machine via PXE
With the server completely prepped, you are ready to fire up your target deployment machine.
- Connect the target PC to your deployment network via an ethernet cable.
- Power on the machine and immediately press the system’s Boot Menu key (usually F12 on Dell systems, F9 on HP, or F8/Enter on other hardware).
- Select the network boot option (PXE Boot or Onboard NIC) from the UEFI/BIOS boot options list.
The machine will contact your WDS server over DHCP, pull down the updated LiteTouchPE.wim environment, and boot directly into your MDT Deployment Wizard.
Please see How to enable Secure Boot on PC to install Windows 11, how to Stuck at Start PXE over IPv4: PXE-E18 Server response timeout, and BitLocker Back Door: Stolen laptop to inside the company network.
Still Not Working: Download Device Specific Driver
Note: Unfortunately, this did not bypassing the previous share connection error. I would like to prove that this is not a driver issues.
Navigate to the official Intel Download Center or your device manufacturer’s driver page to dowload the device sepecif driver for example for this usecase, navigate to the URL.
MDT cannot read a standard .exe installer during the WinPE boot phase. You must extract the underlying driver files first as we did above. You can do this with the commandline as shown here “SetupEXE.exe /extract” or via using a tool like “7-Zip” to manually extract the contents as shown above.
Follow the same steps as shown above and import the Driver into MDT. Please pay attention to the selection profile and ensure you select “Include all drivers from the selection profile”.
As noted, the above steps will also fail. Even when you apply the selected updated on the PC itself, the deplyment will also fail.
This is because, when you boot into MDT to deploy an image, the system relies strictly on the network and storage drivers that are baked into your server’s LiteTouchPE.wim file. It has no access to, and completely ignores, the driver store inside the local C:\Windows\System32\DriverStore directory that you just updated via the Dell utility.
Please see Enable Secure Boot: Fix Secure Boot certificates expiration [Part 1], Update WinPE Boot Images with Windows UEFI CA Certificates [Part 2], how to Fix Operating System Loader failed signature verification” on Dell Safe BIOS Systems via PXE [Part 3], and PXE Boot Failure: “Access Denied or Aborted” with Secure Boot on [Part 4].
Sioni Secure Boot Certificate Checker
First, let us verifiy is Secure Boot Update is applied to the server itself. We can easily do this by running the file below. Sioni verifies whether your system’s Secure Boot database includes the Windows UEFI CA 2023 certificate, which is required for newer secure boot trust chains.
To test the Windows UEFI CA 2023 with a Sioni tool, please navigate to the URL to download Sioni Secure Boot Certificate Checker
Make sure to select “Unblock” since the file is being downloaded from the internet.
Right click on the executable and select run as an administrator
Yes, the server was incrrectly classified but as you can see we have Secure Boot Update 2023 correctly applied and the value is set to “True” as shown in the image below.
Please see how to Upgrade Veeam ONE to 13.0.2.6723 to Address Security Fixes, how to Fix Vulnerable Veeam Backup and Replication 13.0.1.2067 and Earlier, and how to upgrade Veeam One from v12 to v13.
The Ultimate Fix to PCI\VEN driver Issue
If you have injected the exact device-specific storage and network drivers and the deployment still fails, the problem isn’t the drivers. The problem is that an unpatched WinPE image lacks the necessary security trust components to connect to modern, secure Windows network shares.
To fix it once and for all, you must update the WinPE image itself with the latest Cumulative Update (CU) and with the 2023 Secure Boot certificates. You will also ensure that the Boot Manager and wdsmgfw.efi the Network Boot Program (NBP) used by Windows Deployment Services (WDS) for UEFI x64 PXE booting are correctly replaced.
Note: After following all these steps discussed in this guide, “Secure Boot 2023 Compliance Across WinPE, MDT, WDS, and ADK: Boot Chain Alignment and PXE Validation [Final Part]“. The error “PCI Driver Error: Connection to Deployment Share could not be made” will no longer be present.
When the above is done as discussed in the link above. For more on the deploye´ment steps, please see “ADK|WinPE|MDT: Deploy Windows with WDS“.
Shortly, you will be able to format the disk by using your desired template form the disk partitioning tool. When you are dne, select the close (x) button as shown below.
Next, begin the deployment as shown below
As you can see, the deployment has started
Services are being started
Note: If when the log BdsDxe: failed to start Boot0002... Aborted is prompted durint the deployment. This simply means that the system tried to perform a network boot using IPv4 PXE and timed out, didn’t get a DHCP address fast enough, and you can (as a user bypass) it. Just wait for it to time out itself and let the depyment continue.
Since the UEFI boot device fails or is skipped, the motherboard doesn’t just stop. It immediately moves to the next item in its programmed boot sequence.
I hope you found his article on “PCI Driver Error: Connection to Deployment Share could not be made” very useful. Please feel free to leave a comment below.
